Jump to content

Manual:$wgWhitelistRead

From mediawiki.org
User rights, access control and monitoring: $wgWhitelistRead
Pages anonymous user may see.
Introduced in version:1.1.0
Removed in version:Still in use
Allowed values:(array of page names) or false
Default value:false
Warning Warning: MediaWiki from 1.32 to 1.35.4, 1.36.2, 1.37.0 contain a security issue that allow unprivileged editing of arbitrary page and arbitrary JavaScript execution. If you are using one of these versions and can not upgrade to a newer version, please see 2021-12 security release/FAQ for a workaround.

Details

If a group of users is blocked from viewing the wiki by using the $wgGroupPermissions configuration parameter...

$wgGroupPermissions[...]['read'] = false;

...you may still want them to be able to view certain key pages, in particular the main page! This setting holds an array of page names that all users are allowed to view, regardless of their group permissions.

A recommended minimum which allows everyone to view the home page and the login screen as well as loading CSS/JS customizations is as follows:

MediaWiki ≥ 1.18.1[1]
$wgWhitelistRead = [
    'Main Page',
    'MediaWiki:Common.css',
    'MediaWiki:Common.js'
    ];
"Main Page" uses spaces instead of underscores between words.
Warning Warning: If you are using a content language other than English, you may need to use the translated special page names instead of their English names.

See also

References

  1. Starting with r105428 "Special:PasswordReset" is always whitelisted just like "Special:UserLogin" and "Special:ChangePassword".